examples/fuzz.c: null pointer dereference when there are no args
asarubbo opened this issue
Hello,
this is to let you know that examples/fuzz.c has a null pointer dereference when launched without arguments:
```text
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8717==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fed09b38613 bp 0x000000000000 sp 0x7ffdbc7fd580 T0)
==8717==The signal is caused by a READ memory access.
==8717==Hint: address points to the zero page.
    #0 0x7fed09b38613 in fseek /var/tmp/portage/sys-libs/glibc-2.36-r7/work/glibc-2.36/libio/fseek.c:35:3
    #1 0x4dd2a5 in main /root/bzip3/fuzz.c:24:5
    #2 0x7fed09ae71f6 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.36-r7/work/glibc-2.36/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #3 0x7fed09ae72ab in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.36-r7/work/glibc-2.36/csu/../csu/libc-start.c:381:3
    #4 0x41d5c0 in _start (/root/bzip3/bzip_fuzz+0x41d5c0)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /var/tmp/portage/sys-libs/glibc-2.36-r7/work/glibc-2.36/libio/fseek.c:35:3 in fseek
==8717==ABORTING
Aborted
```
and a similar issue in examples/decompress-file.c
```text
==34739==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fe75b500000 at pc 0x000000440631 bp 0x7ffd8dcefd10 sp 0x7ffd8dcef498
READ of size 5 at 0x7fe75b500000 thread T0
    #0 0x440630 in printf_common(void*, char const*, __va_list_tag*) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-15.0.7/work/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors_format.inc:553:9
    #1 0x441a39 in __interceptor_vprintf /var/tmp/portage/sys-libs/compiler-rt-sanitizers-15.0.7/work/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1738:1
    #2 0x441a39 in printf /var/tmp/portage/sys-libs/compiler-rt-sanitizers-15.0.7/work/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1796:1
    #3 0x4dd3c4 in main /root/bzip3/decompress-file.c:12:9
    #4 0x7fe75d4bb1f6 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.36-r7/work/glibc-2.36/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #5 0x7fe75d4bb2ab in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.36-r7/work/glibc-2.36/csu/../csu/libc-start.c:381:3
    #6 0x41d5c0 in _start (/root/bzip3/bzip3_decompress+0x41d5c0)
```
These programs are not meant for the end user.
```c
/* This is just a demonstration of bzip3 library usage, it does not contain all the necessary error checks and will not
 * support cross-endian encoding/decoding. */
```
I understand, but I pointed it out because there is a block of code that does not work in practice:

```c
if (argc != 3) {
    printf("Usage: %s <input file> <output file>"); /* %s has no matching argument */
    return 1;
}
```

So I took it as a bug.
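As an added example (not bzip3's own code; the helper names are hypothetical), the two checks the reported sample programs lack in a form you can compile and test: the usage printf with its %s argument actually supplied, and the fopen() result checked before fseek() is called on it.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not bzip3's own code (helper names are hypothetical):
 * the usage printf with its %s argument supplied, and an fopen() result
 * checked before fseek(), the two checks missing in the reported files. */

/* The reported printf("Usage: %s ...") passed no vararg for %s. */
static int print_usage(FILE *out, const char *prog) {
    return fprintf(out, "Usage: %s <input file> <output file>\n",
                   prog ? prog : "bzip3_example");
}

/* 0 when argc is right for a two-file example, 1 otherwise. */
int check_args(int argc, char **argv) {
    if (argc != 3) {
        print_usage(stderr, argc > 0 ? argv[0] : NULL);
        return 1;
    }
    return 0;
}

/* File size in bytes, or -1: the fuzz.c trace shows fseek() on a null
 * FILE*, which this NULL check on the fopen() result prevents. */
long file_size_checked(const char *path) {
    if (path == NULL) return -1;       /* argv[1] when no args given */
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) { perror(path); return -1; }
    long size = -1;
    if (fseek(fp, 0, SEEK_END) == 0) size = ftell(fp);
    fclose(fp);
    return size;
}

/* Test helper: writes data to path, returns bytes written or -1. */
int write_sample_file(const char *path, const char *data) {
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return -1;
    int ok = fputs(data, fp) >= 0;
    fclose(fp);
    return ok ? (int)strlen(data) : -1;
}

int main(int argc, char **argv) {
    if (check_args(argc, argv)) return 1;
    long n = file_size_checked(argv[1]);
    if (n >= 0) printf("%s: %ld bytes\n", argv[1], n);
    return n >= 0 ? 0 : 1;
}
```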